sql injection basic question

robert_gsfame · Post by **robert_gsfame** » Sun Mar 06, 2011 6:41 am

Hi am new to hacking activity. I try practicing basic sql injection by adding a quote mark

As i am doing it on my own web page and not securing the query,

which is look like below mysql_query("SELECT FROM table WHERE id='".$_GET['id']."'");
then a warning notice should appear when single quote mark being added.

but i only got a blank page there. what is missing there?

thx in advance

alalkeimst · Post by **alalkeimst** » Sun Mar 06, 2011 11:05 pm

I think that your problem is that you do not have enabled error reporting and displaying in php. This can be done through php.ini or by using this code at the start of your file:

ini_set('display_errors',1);
error_reporting(E_ALL|E_STRICT);

Hope that helps!